Anon FTP on an IPFW Firewall?

pipman

IS-IT--Management
Mar 3, 2004
10
US
Hey,

I'm trying to get an anonymous ftp server (wu-ftp) to work with an IPFW Firewall.

I enabled port 21, but that only enables access if you directly specify port 21 when connecting. When you try to access ftp anonymously from a web browser, it is blocked because wu-ftp seems to be using random server ports to connect.

Does anyone know how to get around this or to configure wu-ftp correctly so that it only uses port 21 even for anonymous ftp?

Any help would be greatly appreciated.

Dan
 
How did you configure the firewall to accept the connections?

Browsers utilize PASV mode for their connections; however, this should still create a connection to port 21, it just then randomly opens a higher port.

Do you also have port 20 open as well?
 
Thanks for all your help.

I was able to fix the issue that I mentioned by adding these lines to my ipfw.conf:

allow tcp from any to any 21 keep-state setup
allow tcp from any to any 2000-2099 keep-state setup


And by adding this line to wu-ftp's ftpaccess file:

passive ports 0.0.0.0/0 2000 2099

Since I'm running an anonymous file upload server, do I really need to have active ftp enabled? Most of our users upload through the web and some through ftp clients, which all/most use passive ftp.

The strange thing is, even though port 20 isn't enabled, I'm still able to connect using an ftp client using the active mode. How is this possible? How can I test if it's truly active mode?

Dan
 
The connection doesn't utilize port 20 until you actually try to retrieve or send data from the server such as a directory listing etc.
 
Hey Patrick,

Well, what I mean is that when I connect using an ftp client using active mode, I'm able to upload and download even though port 20 is disabled. I thought this wasn't supposed to happen in active mode.

Dan
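
Added example, not part of the thread: one way to check which mode a session really used is to read the control-channel transcript (for instance a client's verbose log), since an active transfer is negotiated by the client's PORT command and a passive one by the server's 227 reply. In active mode the server opens the data connection outbound from its port 20 to the port the client named, so an inbound allow rule for port 20 is not what gates it. The `>`/`<` line prefixes, the function names and the sample transcripts are assumptions constructed for this sketch, and only PORT/PASV (not EPRT/EPSV) are handled.

```python
import re

# Range taken from the thread's ftpaccess line: passive ports 0.0.0.0/0 2000 2099
PASV_RANGE = (2000, 2099)
_HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_hostport(text):
    """Decode an RFC 959 h1,h2,h3,h4,p1,p2 tuple into (ip, port); port = p1*256 + p2."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def classify_session(lines):
    """Return (mode, listener_ip, listener_port) for each negotiated data connection.
    Assumed convention: '> ' marks a client command, '< ' a server reply."""
    results = []
    for line in lines:
        direction, _, body = line.partition(" ")
        body = body.strip()
        if direction == ">" and body.upper().startswith("PORT "):
            # Active: the client listens; the server connects out from its port 20.
            results.append(("active",) + parse_hostport(body))
        elif direction == "<" and body.startswith("227"):
            # Passive: the server listens; the firewall must allow this port inbound.
            results.append(("passive",) + parse_hostport(body))
    return results

def passive_port_allowed(port, rng=PASV_RANGE):
    """True if a passive data port falls inside the range the firewall opens."""
    return rng[0] <= port <= rng[1]

# Constructed sample transcripts (addresses are documentation ranges).
ACTIVE_SAMPLE = [
    "> USER anonymous",
    "> PORT 198,51,100,7,195,80",
    "< 200 PORT command successful.",
    "> LIST",
]
PASSIVE_SAMPLE = [
    "> PASV",
    "< 227 Entering Passive Mode (192,0,2,10,7,218)",
    "> STOR upload.bin",
]

if __name__ == "__main__":
    for name, sample in (("active", ACTIVE_SAMPLE), ("passive", PASSIVE_SAMPLE)):
        print(name, classify_session(sample))
```

A passive entry whose port fails `passive_port_allowed` means the server is handing out data ports outside the range the two ipfw rules open.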
 